Risk | Low |
Patch available | YES |
Number of vulnerabilities | 13 |
CVE-ID | CVE-2018-20669 CVE-2019-19947 CVE-2019-20810 CVE-2020-10732 CVE-2020-10766 CVE-2020-10767 CVE-2020-10768 CVE-2020-10781 CVE-2020-12655 CVE-2020-12771 CVE-2020-13974 CVE-2020-15393 CVE-2020-24394 |
CWE-ID | CWE-264 CWE-908 CWE-20 CWE-362 CWE-399 CWE-400 CWE-190 CWE-401 CWE-732 |
Exploitation vector | Local |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software | Ubuntu (operating system); Ubuntu packages: linux-image-azure, linux-image-4.15.0-1093-azure, linux-image-4.15.0-115-lowlatency, linux-image-4.15.0-115-generic-lpae, linux-image-4.15.0-115-generic, linux-image-virtual, linux-image-snapdragon, linux-image-raspi2, linux-image-oracle-lts-18.04, linux-image-oem, linux-image-lowlatency, linux-image-kvm, linux-image-gke-4.15, linux-image-gke, linux-image-generic-lpae, linux-image-generic, linux-image-gcp-lts-18.04, linux-image-azure-lts-18.04, linux-image-aws-lts-18.04, linux-image-4.15.0-1094-oem, linux-image-4.15.0-1084-snapdragon, linux-image-4.15.0-1081-gcp, linux-image-4.15.0-1080-aws, linux-image-4.15.0-1072-kvm, linux-image-4.15.0-1068-raspi2, linux-image-4.15.0-1067-gke, linux-image-4.15.0-1051-oracle, linux-image-oracle, linux-image-gcp, linux-image-azure-edge, linux-image-aws-hwe |
Vendor | Canonical Ltd. |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
EUVDB-ID: #VU17761
Risk: Low
CVSSv4.0: 7.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-20669
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c because, in certain situations, a provided address is not checked with access_ok() before userspace data is accessed. A local attacker can gain elevated privileges.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU92774
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-19947
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
In the Linux kernel through 5.4.6, there are information leaks of uninitialized memory to a USB device in the drivers/net/can/usb/kvaser_usb/kvaser_usb_leaf.c driver, aka CID-da2311a6385c.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU34375
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-20810
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux kernel before 5.6 does not call snd_card_free for a failure path, which causes a memory leak, aka CID-9453264ef586.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92424
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-10732
CWE-ID:
CWE-908 - Use of Uninitialized Resource
Exploit availability: No
Description: The vulnerability allows a local user to read memory contents or crash the application.
The vulnerability exists due to the use of an uninitialized resource within the fill_thread_core_info() function in fs/binfmt_elf.c. A local user can read memory contents or crash the application.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47074
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-10766
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
A logic bug was found in the Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47075
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-10767
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local user to perform a Spectre V2 style attack when this configuration is active.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47076
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-10768
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local authenticated user to gain access to sensitive information.
A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU47050
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-10781
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description: The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory that is not accounted to the user who triggers the creation of that ZRAM device. With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28165
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12655
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in the "xfs_agf_verify" function in the "fs/xfs/libxfs/xfs_alloc.c" file. A local user can use an XFS v5 image with crafted metadata to trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Update the affected package linux to the latest version.
Vulnerable software versions:
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU28169
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-12771
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in "btree_gc_coalesce" in the "drivers/md/bcache/btree.c" file when a coalescing operation fails. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64946
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-13974
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an integer overflow within drivers/tty/vt/keyboard.c if k_ascii is called several times in a row. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU31921
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-15393
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a memory leak in the "drivers/usb/misc/usbtest.c" file. A local user can force the application to leak memory and perform a denial of service attack.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51240
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-24394
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to incorrect assignment of permissions on new filesystem objects when the filesystem lacks ACL support in fs/nfsd/vfs.c (in the NFS server). A local user can read and write arbitrary files on the system.
Mitigation
Update the affected package linux to the latest version.
Vulnerable software versions
Ubuntu: 14.04 - 18.04
linux-image-azure (Ubuntu package): before 4.15.0.1093.70
linux-image-4.15.0-1093-azure (Ubuntu package): before 4.15.0-1093.103~14.04.1
linux-image-4.15.0-115-lowlatency (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic-lpae (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-4.15.0-115-generic (Ubuntu package): before 4.15.0-115.116~16.04.1
linux-image-virtual (Ubuntu package): before 4.15.0.115.103
linux-image-snapdragon (Ubuntu package): before 4.15.0.1084.87
linux-image-raspi2 (Ubuntu package): before 4.15.0.1068.66
linux-image-oracle-lts-18.04 (Ubuntu package): before 4.15.0.1051.62
linux-image-oem (Ubuntu package): before 4.15.0.1094.98
linux-image-lowlatency (Ubuntu package): before 4.15.0.115.103
linux-image-kvm (Ubuntu package): before 4.15.0.1072.68
linux-image-gke-4.15 (Ubuntu package): before 4.15.0.1067.71
linux-image-gke (Ubuntu package): before 4.15.0.1067.71
linux-image-generic-lpae (Ubuntu package): before 4.15.0.115.103
linux-image-generic (Ubuntu package): before 4.15.0.115.103
linux-image-gcp-lts-18.04 (Ubuntu package): before 4.15.0.1081.99
linux-image-azure-lts-18.04 (Ubuntu package): before 4.15.0.1093.67
linux-image-aws-lts-18.04 (Ubuntu package): before 4.15.0.1080.82
linux-image-4.15.0-1094-oem (Ubuntu package): before 4.15.0-1094.104
linux-image-4.15.0-1084-snapdragon (Ubuntu package): before 4.15.0-1084.92
linux-image-4.15.0-1081-gcp (Ubuntu package): before 4.15.0-1081.92~16.04.1
linux-image-4.15.0-1080-aws (Ubuntu package): before 4.15.0-1080.84~16.04.1
linux-image-4.15.0-1072-kvm (Ubuntu package): before 4.15.0-1072.73
linux-image-4.15.0-1068-raspi2 (Ubuntu package): before 4.15.0-1068.72
linux-image-4.15.0-1067-gke (Ubuntu package): before 4.15.0-1067.70
linux-image-4.15.0-1051-oracle (Ubuntu package): before 4.15.0-1051.55~16.04.1
linux-image-oracle (Ubuntu package): before 4.15.0.1051.42
linux-image-gcp (Ubuntu package): before 4.15.0.1081.83
linux-image-azure-edge (Ubuntu package): before 4.15.0.1093.88
linux-image-aws-hwe (Ubuntu package): before 4.15.0.1080.77
https://ubuntu.com/security/notices/USN-4485-1
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.